WORLD INTELLECnjAL PROPERTV ORGANIZATION 
International Bureau 




PCX 

INTERNATIONAL APPUCATION PUBUSHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(51) Internatioiial Patent Clas 


sification : 




(11) International Publication Number: 


WO 00/25241 


G06F 17/50 




A2 


(43) International Publication Date: 


4 May 2000 (04.05.00) 



(21) Internationa] Application Number: PCnyBE99/00131 

(22) International Filing Date: 26 October 1999 (26.10.99) 



(30) Priority Data: 
9800780 



28 October 1998 (28.10.< 



BE 



(71) Applicant (for all designated States except US): NETVISION, 

NAAMLOZE VENNOOTSCHAP [BE/BE]; Parijsstraat 74. 
B-3000 Leuven (BE). 

(72) Inventors; and 

(75) Inventors/Applicants (for US only): BUNENS, Stijn [BE/BE]; 
Linkersteenweg 14, B-3500 Hasselt (BE). JOOSEN. Wouter 
[BE/BE]; A. Schcyvacitslaan 46, B-2180 Antwcipen (Ek- 

eren) (BE). 

(74) Agent: DONNE. Eddy; Bureau M.FJ. Bockstael nv, Aren- 
bergstraat 13. B-2000 Antwerpen (BE). 



(81) Designated States: AE, AL, AM. AT. AU. AZ. BA, BB. BG. 
BR. BY. CA. CH. CN, CU. CZ. DE. DK, EE. ES, FI. GB. 
GD. GE, GH. GM. HR. HU. ID. IL. IN, IS. JP. KE, KG. 
KP. KR. KZ, LC, LK, LR, LS. LT. LU, LV, MD, MG. MK, 
MN, MW. MX. NO. NZ. PL, PT. RO, RU, SD, SE. SO, 
SI, SK, SL. TJ. TM, TO. TT. UA, UG. US. UZ. VN, YU. 
ZA. ZW. ARIPO patent (GH, GM. KE, LS. MW. SD, SL. 
SZ. TZ, UG. ZW). Eurasian patent (AM. AZ, BY. KG. KZ, 
MD. RU. TJ, TM). European patent (AT. BE. CH. CY, DE, 
DK, ES, FI. FR. GB. GR, IE, IT. LU. MC. NL. PT. SE). 
OAPI patent (BF, BJ. CF. CG, CI. CM. GA, GN. GW. ML. 
MR, NE, SN, TD. TG). 



Published 

Without international search report and to be republished 
upon receipt of that report. 



(54) TiUe: METHOD FOR SUPPLYING SERVICES VIA AT LEAST ONE NETWORK AND NETWORK ARCHITECTURE AND 
MANAGEMENT CENTRE USED THEREBY 




7 



(57) Abstract 

Method for supplying services via at least one existing network, whereby the user asking an "on-line" service provider, i.e. who is 
connected to this network, for a service via this network puts in identification data, control data for the authentication and the instruction, and 
whereby, on the basis of the identification data and the control data, the identity is first authenticated before the service is provided by the 
service provider, characterised in that die on-line service providers and other service providers who are connected to the same management 
centre leave the authentication of the user asking for a service, and possibly also the payment, to said management centre, and when the 
identity data, the control data and the instruction are received, they transmit these identity data and the control data to the management 
centre, which checks or authenticates, and if requited validates the identity, and which will then communicate this to the service provider 
who will subsequently offer the service. 
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Method for supplying services via at least one network and 
network architecture and management centre used thereby. 

5 

The present invention concerns a method for supplying 
services via at least one existing network, whereby the 
user asking an "on-line' service provider, i.e. who is 
connected to this network, for a service via this network 
10 puts in identification data, control data for the 
authentication and the instruction, and whereby, on the 
basis of the identification data and the control data, the 
identity is first authenticated before the service is 
provided by the service provider, 

15 

The on-line service provider can for example provide access 
to a network, offer information or it may be an electronic 
seller of products or services. 

20 In quite some existing networks, the user can for example 
make himself known to a service provider by means of a 
card, whereby by putting in his secret code, for example by 
typing it on a keyboard, he validates the payment of the 
supplied services or products, or services or products to 

25 be supplied. 

The user hereby gives his instructions to the service 
provider via his terminal, for example a PC or payment 
terminal. These instructions are split in an order job for 
30 the service provider on the one hcuid, and an identification 
and control part, consisting of for example the code of the 
card and the inputted secret control code on the other 
hand. This identification and control part, which cannot 
be recognised by the service provider, is transmitted to an 



1/20/2006, EAST Version: 2.0.1.4 



wo 00/25241 



PCT/BE99/00131 



-2- 

extemal management centre, for example an organisation 
managing pay cards. 

However, this known method only offers restricted 
5 possibilities. If the external mamagement centre is for 
example an organisation managing pay cards, this management 
service cannot offer any . other services to the service 
provider than taking care of the payment . On the user ' s 
side, the latter can only pay with his pay card via the 
10 organisation managing these pay cards. 

The invention aims to remedy these disadvantages and to 
provide a method for supplying services to the users and/or 
suppliers of a network offering more possibilities. 
15 ' 

This aim is reached according to the invention in that the 
on-line service providers and other service providers who 
are connected to one and the same management centre leave 
the authentication of the user asking for a service, and 

20 possibly also the payment, to said management centre, and 
when the identity data, the control data and the 
instruction are received, they transmit these identity data 
and the control data to the management centre, which checks 
or authenticates, and if rec[uired validates the identity, 

25 and which will then communicate this to the service 
provider who will subsequently offer the service. 

Prefersibly, a card (magnetic card or chip card) is given to 
the user, which allows the management centre to carry out 
30 the authentication when an instruction is given at any 
terminal whatsoever which belongs to or which is connected 
to a service provider who is himself connected to the 
management centre. 
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According to a special embodiment of the invention, the 
management centre also offers additional services to the 
service providers, apart from the authentication, such as 
the follow-up of virtual finajicial accounts such as 
5 discount vouchers, the orders placed in order to determine 
a discount percentage, etc., whereby the management centre 
can call in the help of external service providers for 
these additional services. 

10 When a user gives an instruction, the service provider will 
note the instruction and the identity of the user and will 
transmit the identification data and control data, i.e. the 
request for authentication, to the management centre, 
together with possible additional questions, related for 

15 example to the creditworthiness of the user, possible 
advantages that are given to the user, etc. 

The present invention also concerns a network architecture 
for applying the method according to any of the preceding 
20 embodiments. 

The invention is thus related to a network architecture for 
providing on-line services to a user, which network 
architecture comprises a number of service providers, a 

25 number of terminals which are connected to the service 
providers via one and the same or different networks and by 
means of which a user can order a service via a network by 
putting in data related to his identity, control data to 
validate this identity and an instruction, and a management 

30 centre onto which the service providers are connected for 
the authentication and possibly the payment of the 
requested service, whereby the network architecture forms 
an open system and the management centre is shared by both 
the service providers who offer services or products to the 

35 users of this network via a closed network, and other 
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service providers, including host computers of local area 
networks of sellers, whereby this management centre is such 
that, no matter via which service provider it receives the 
data related to the identity and the control data of a 
5 user, it will guarantee the authentication or validation of 
the identity.. 

These service providers who are connected to the management 
centre may include, apart from on-line sales services, 

10 called shopping malls, one or several of the following: 
service providers giving access to a network provided there 
has been a payment, printing services whereby documents can 
be printed by the user's printer at a charge, as well as 
home automation systems or home computers and remote 

15 control appliances - 

Preferably, the architecture of a network is such that the 
users can operate appliances via remote control by 
inserting a card which has been given to them in a terminal 
20 and by putting in their personal code. 

Preferably, the management centre is designed such that it 
can authenticate the identity of a user on the basis of the 
identification data of a single card which has been 
25 allotted to the user and which is read by any card reader 
whatsoever of a terminal of the network architecture, and 
on the basis of the control data which have been inputted 
in any way whatsoever by this user. 

30 Preferably, the mcuiagement centre is built such that it can 
also provide other services than authenticating and 
possibly carrying out payment orders, whereby this 
management centre is advantageously linked to external 
service providers who can take care of certain tasks. 

35 
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In particular, the management centre may be able to follow 
up virtual financial accoiints, either directly or via 
external service providers, such as for example bonus 
accounts, coupons or discount percentages for users as a 
5 function of their purchases in the past, etc. 

Also, the management centre and the connection to the 
service providers can be built such that the management 
centre can receive additional questions of the service 
10 providers and answer them, such as questions related to the 
creditworthiness, possible discounts to be applied, etc. 
and it may possibly be connected to this end with external 
service providers. 

15 The invention also concerns a management centre as used in 
the network architecture according to the invention. 

In order to better explain the characteristics of the 
invention, the following preferred embodiments of a method 
20 for providing . services via a network, of a network 
architecture for this and of a management centre used 
thereby are described as an example only according to the 
invention, without being limitative in any way, with 
reference to the accompanying drawings, in which: 

25 

figure 1 represents a block diagram of a network 
architecture according to the inventions- 
figure 2 represents a block diagram which illustrates 
the method according to the invention; 
30 figure 3 represents a block diagram analogous to that 

of figure 2, but with reference to another embodiment 
of the method according to the invention. 

The network architecture represented in figure 1 for on- 
35 line service providing to a user forms an open system. 
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It contains a number of terminals 1, of which only two are 
represented in figure 1, namely a personal computer 2 and a 
payment terminal 3, both equipped with a card reader 4 for 
5 reading one and the same magnetic card or chip card 5 of a 
user. 

These terminals 1 are connected to a number of service 
providers 7, either directly or by means of what is called 

10 a provider, via a single or several networks 6 such as 
internet, where the user can order an on-line service by 
putting in data regarding his identity by means of his card 
5, for example by typing in a personal code, by putting in 
control data to validate said identity and by putting in 

15 the actual instruction. 

These service providers 7 consist of service providers 
offering services or products via a closed network to the 
users of this network, as well as other service providers, 

20 including host computers of local area networks of sellers, 
on-line service providers who can give access to a network 
provided there has been a payment, service providers who 
have specific information printed out by the user's printer 
at a charge, the processor of home computers or of home 

25 automation systems, or in a general way of any electric or 
electronic appliance which is connected on-line and which 
can be operated via remote control. 

All service providers 7 are connected either wireless or 
30 via a network 6 to a single shared management centre 8 to 
authenticate and possibly to pay the required service. 

This management centre 8 is built such that, no matter via 
which service provider 7 it receives the information 
35 related to the identity and the control data of a user, it 
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will guarantee the authentication or validation of the 
identity. 

This management centre 8 is built such that it can also 
5 provide other services, such as carrying out payment 
instructions, the follow-up of virtual financial accounts, 
such as for example bonus accounts, coupons or discount 
percentages for users as a function of their purchases in 
the past, etc., and such that it can receive additional 
10 questions of the service providers 7 and answer them, such 
as questions related to the creditworthiness, possible 
discounts to be applied, etc. 

In view of these additional services, the management centre 
15 8 is connected to external service providers 9 who can 
carry out a number of tasks for the management centre 8, 
such as the follow-up of the virtual accounts, financial 
institutions for the payments, etc. 

20 The network architecture works as follows: 

After the user has had his card 5 read by the card reader 4 
and has typed in his personal code on the keyboard of the 
terminal 1, he will give the instructions regarding the 
25 services or goods to be provided by a service provider 7 . 

This personal code can be a secret code which has been 
given to him by the management centre 8. 

30 However, this personal code could also be the voice or the 
identification of a part of the body, for example a 
fingerprint, the face, the eyes or such of the user, 
provided the terminal 1 is equipped with the necessary 
appliances to analyse the voice or scan the part of the 

35 body. 
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The service provider 7 sends the identification data of the 
card 5 and the control data, consisting of the personal 
code which is illegible to him, to the management centre 8 
in order to authenticate the identity, possibly together 
with a request for additional services such as questions 
related to the creditworthiness of the user, the discount 
to be given, etc. 

The management centre 8 will provide these additional 
services entirely autonomously, or it will make use to this 
end of one or several of the external service providers 9. 

The management centre 8 will authenticate the identity and 
the required additional services and communicate the result 
of all this to the service provider 7, who will carry out 
the instruction provided the identity is validated. 

The management centre 8 can take care of the billing of the 
supplied services or goods, or, if it is connected to a 
financial institution, it can take care of the payment of 
the services or goods directly. 

With a single card and a personal code, the user can give 
instructions to several service providers 7 at different 
terminals 1, not only to place orders, but for example also 
to give instructions to the processors of appliances which 
can be operated via remote control. 

Thus, the user can give instructions from any terminal 1 
whatsoever which is connected to the network 6 to for 
example set his central heating, close or open roll-down 
shutters, etc. 
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Just as the other instructions to on-line service providers 
1, this control is protected by the management centre 8 via 
the common security . 

5 The service provider 7 does not necessarily have to provide 
a number of services himself, but he can leave them to the 
management centre 8, such as among others the 
authentication, but also the additional services as 
mentioned above. 

10 

The number of possibilities has increased, both for the 
user, who can now give more varying instructions and can 
obtain services with a single card, and for the service 
provider 7, who csm leave a number of services to the 
15 management centre 8, 

The invention will be further illustrated by means of two 
practical examples. 

20 As represented in figure 2, a user introduces himself by 
putting in his card 5 in the card reader 4 of a personal 
computer 2 to a service provider 7 offering products who is 
connected to the latter via a network 6, in other words, he 
sends identity data 10 to the service provider 7. 

25 

Following this, the service provider 7 will invite him to 
indicate what product he wants and he will ask for the 
personal code of the user, as represented by the arrow 11. 

30 The user gives his personal code and thus control data 12, 
and he transmits the order or the instruction part 13. 

The identity data 10 and the control data 12 are 
transmitted to the management centre 8 by the service 
35 provider 7, together with questions 14 for additional 
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services for the management centre 8, namely the question 
what discount can be given to the user and whether he is 
creditworthy. 

5 The management centre 8 checks the identification of the 
user and validates it, and it takes care of the additional 
services, for which the management centre 8 can possibly 
get into contact with the external service provider 9 who 
for example keeps record of an account containing all the 
10 purchases of the user, together with the corresponding 
discount percentage. 

The management centre 8 sends the result of the validation, 
together with the answers to questions raised, i.e. the 
15 discount percentage and the degree of creditworthiness, 
back to the service provider 7, as represented by the arrow 
15. 

On the basis thereof, the service provider 7 will carry out 
20 the order and communicate the amount to be paid to the 
user, as represented by the arrow 16. Said user finally 
gives instructions 17 to withdraw the amount from his 
account . 

25 In the example represented in figure 3, a user has a home 
computer 2 in his house which controls among others the 
opening and closing of electrically operated shutters, and 
which is on-line connected to the management centre 8, and 
thus constitutes a service provider 7. 

30 

While travelling, said user puts his card 5 in the card 
reader 4 of a personal computer 2 which is also connected 
to the management centre 8 via a network 6, and he types in 
his secret code number on the keyboard. 

35 
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Then, he types in his instructions to roll down the 
shutters. 

The inputted information thus consists of identity data 10, 
control data 12 and an instruction part 13 . 

The home computer 2 sends the identity data 10 and the 
control data 12 to the management centre 8 , which 
authenticates the identity and then communicates this to 
the home computer 2, which subsequently carries out the 
instructions of the instruction part 13 and makes the 
shutters . roll down. 

The invention is by no means limited to the aibove- described 
embodiments represented in the accompanying drawings; on 
the contrary, such a method and device for supplying 
services can be made in all sorts of variants while still 
remaining within the scope of the invention. 
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Claims . 

5 1. Method for supplying services via at least one existing 
network, whereby the user asking an ^on-line' service 
provider, i.e. who is connected to this network, for a 
service via this network puts in identification data, 
control data for the authentication cind the instruction, 

10 and whereby, on the basis of the identification data and 
the control data, the identity is first authenticated 
before the service is provided by the service provider, 
characterised in that the on-line service providers and 
other service providers who are connected to the same 

15 management centre leave the authentication of the user 
asking for a service, and possibly also the payment, to 
said management centre, and when the identity data, the 
control data and the instruction are received, they 
transmit these identity data and the control data to the 

20 management centre, which checks or authenticates, and if 
required validates the identity, and which will then 
communicate this to the service provider who will 
subsequently offer the service. 

25 2. Method according to claim 1, characterised in that a 
card (magnetic card or chip card) is given to the user, 
which allows the management centre to carry out the 
authentication when an instruction is given at any terminal 
whatsoever which belongs to or which is connected to a 

30 service provider who is himself connected to the management 
centre . 

3. Method according to claim 1 or 2, characterised in that 
the management centre also offers additional services to 
35 the service providers, apart from the authentication, such 
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as determining the creditworthiness of a user, the follow- 
up of virtual financial accounts such as discount voucher 
accounts, the orders placed in order to determine a 
discount percentage, etc., whereby the management centre 
5 can call in the help of external service providers for 
these additional services. 

4. Method according to claim 3, characterised in that, when 
a user gives an instruction, the service provider will. note 

10 the instruction and the identity of the user and will 
transmit the identification data and control data, i.e. the 
request for authentication, to the management centre, 
together with possible additional questions, related for 
example to the creditworthiness of the user^ possible 

15 advantages that are given to the user, etc. 

5. Network architecture for providing on-line services to a 
user, which network architecture comprises a number of 
service providers (7), a number of terminals (1) which are 

20 connected to the service providers (7) via one and the same 
or different networks (6) and by means of which a user can 
order a service via a network (6) by putting in data (10) 
related to his identity, control data (12) to validate this 
identity and an instruction, and a management centre (8) 

25 onto which the service providers (7) are connected for the 
authentication and possibly for the payment of the 
requested service, characterised in that the network 
architecture forms an open system and in that the 
. management centre (8) is shared by both the service 

30 providers who offer services or products to the users of 
this network via a closed network, and other service 
providers, including host computers of local area networks 
of sellers, whereby this management centre is such that, no 
matter via which service provider it receives the data 

35 related to the identity and the control data of a user, it 
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will guarantee the authentication or validation of the 
identity, 

6. Network architecture according to claim 5, characterised 
5 in that these service providers who are connected to the 

management centre (8) include, apart from on-line sales 
services, called shopping malls, one or several of the 
following service providers (7) : service providers (7) 
giving access to a network provided there has been a 
10 payment, printing services whereby documents can be printed 
by the user's printer at a charge, as well as home 
automation systems or home computers - 

7. Network architecture according to claim 5 or 6, 
15 characterised in that the architecture of the network (6) 

is such that the users can operate appliances via remote 
control by inserting a card (5) which has been given to 
them in a terminal (1) and by putting in their personal 
code . 

20 

8. Network architecture according to any of claims 5 to 7, 
characterised in that the management centre (8) is designed 
such that it can authenticate the identity of a user on the 
basis of the identity data (10) of a single card (5) which 

25 has been allotted to the user and which is read by any card 
reader (4) whatsoever of a terminal (1) of the network 
architecture, and on the basis of the control data (12) 
which have been inputted in any way whatsoever by this 
user. 

30 

9. Network architecture according to any of claims 5 to 8, 
characterised in that the management centre is designed 
such that it can provide other services than authenticating 
and possibly carrying out payment orders, whereby this 
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management centre (8) is advantageously linked to external 
service providers (9) who can take care of certain tasks. 

10. Network architecture according to claim 9, 
5 characterised in that the management centre (8) is built 
such that it is able to follow up virtual financial 
accounts, either directly or via external service providers 
(7) , such as for example bonus accounts, coupons or 
discount percentages for users as a function of their 
10 purchases in the past, etc, 

11 - Network architecture according to any of claims 5 to 
10, characterised in that the management centre (8) and the 
connection to the service providers (7) are built such that 
15 the management centre (8) can receive additional questions 
of the service providers (7) and answer them, such as 
questions related to the creditworthiness, possible 
discounts to be applied, etc. and it can possibly be 
connected to this end with external service providers (9) - 

20 

12. Management centre as used in the network architecture 
according to any of claims 5 to 11. 
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